0

I have set up Azure AD authentication with a Blazor server app. It works. I get redirected to login after which I get returned to the app.

In Startup.cs:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});

I can get claims through

var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
var user = authState.User; 

But how do I get an authentication token? I want it so that I can use it to authenticate with Microsoft Graph. I can't find anything in Azure AD besides the checkbox to include an auth token (which is checked). Any ideas?

EDIT with my changes to the accepted answer:

var scopes = new[] { "user.read" };
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddInMemoryTokenCaches();

services.AddDownstreamWebApiService(Configuration);
services.AddMicrosoftGraph(scopes, "https://graph.microsoft.com/v1.0");

services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();
1
  • If you get the authentication token the way you want, please tell me? Commented Sep 2, 2020 at 3:17

1 Answer

3

You can use this demo project on GitHub, which uses Azure AD authentication and calls the Microsoft Graph API on behalf of the signed-in user.

public void ConfigureServices(IServiceCollection services)
{
    // replace this line
    //services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    //.AddAzureAD(options => Configuration.Bind("AzureAd", options));

    // with this
    string[] scopes = Configuration.GetValue<string>("CalledApi:CalledApiScopes")?.Split(' ');
    services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAd")
                .AddMicrosoftWebAppCallsWebApi(Configuration,
                                               scopes,
                                               "AzureAd")
            .AddInMemoryTokenCaches();
    services.AddDownstreamWebApiService(Configuration);
    services.AddMicrosoftGraph(scopes,
                               Configuration.GetValue<string>("CalledApi:CalledApiUrl"));


    // Added AddMicrosoftIdentityUI()
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    services.AddRazorPages();
    // Add consent handler
    services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();
        
    services.AddSingleton<WeatherForecastService>();
}

We can use Graph directly.


2 Comments

Thank you! This actually works. But I did update it a bit because some methods there are obsolete. I'll put that in an EDIT of the question.
Thanks heaps! That demo project helped me find my missing configurations.
